daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: update matcher to match vuln 2.0.x versions for airflow CVE-2021-38540 

Versions `2.0.x` only have `Sign In` in the body so the current matcher
does not work for the vulnerable versions. This has been tested with the
following versions: 2.0.0, 2.0.1, 2.0.2, 2.1.1, 2.1.2

Signed-off-by: ludo <controlplane@spiarh.fr>
patch-1
ludo 2023-02-06 18:58:43 +01:00
parent f134ff411a
commit 69ddb02734
No known key found for this signature in database
GPG Key ID: 955B4156BCC6AB30
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves/2021/CVE-2021-38540.yaml
View File

@ -62,7 +62,7 @@ requests:
matchers:
- type: dsl
dsl:
- 'contains(body_1, "Sign In - Airflow")'
- 'contains(body_1, "Sign In")'
- 'status_code_2 == 302'
- 'contains(all_headers_2, "session=.")'
condition: and